BEST PRACTICEINTERNET GATEWAY SECURITY POLICY

INSPECT ALL TRAFFIC FOR VISIBILITY

www.paloaltonetworks.com/documentation

REDUCE THE ATTACK SURFACE

PREVENT KNOWN THREATS

DETECT UNKNOWN THREATS

Gain full visibility into all traffic across all users and applications all the time.

Create security policy rules based on application and user.

Enable the firewall to scan all all allowed traffic for known threats.

1 DEPLOY GLOBALPROTECT

1 CREATE FILEBLOCKING PROFILE

1 ATTACH PROFILESTO POLICY RULES 2 DETECT AND

BLOCK THREATS

1 SENDUNKNOWN FILES 2 IDENTIFY THREATS

WITH WILDFIRE 3 DELIVERSIGNATURE

2 ENABLE SSL DECRYPTION

NEXT-GENFIREWALL

01110101011110001010010101101010001010110111010101110

011101000101011100110100011APP-ID

CONTENT-ID

USER-ID

2 CREATE URLFILTERING PROFILE 3 ENABLE USER-ID

Forward all unknown files to WildFire for analysis.